May, 2009

Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I co-presented: “Cross Domain Leakiness.” Chris Evans is...

Marhaban! Maarten Van Horenbeeck here from the Microsoft Security Response Center (MSRC). This is the first time I have blogged here on EcoStrat. As a Security Program Manager with MSRC, one of the roles I have is to work with security researchers, and this often involves attending security conferences to meet with you. Two weeks ago, a couple of us in Trustworthy Computing (TwC) attended the Hack in the Box (HITB) security conference in hot and sizzling Dubai, United Arab Emirates.

Hey, Steve here. Just finally settling back in after traveling a bit, meeting up with different parts of the security ecosystem. It was good to get out and see firsthand events like CanSecWest, and most recently Black Hat Amsterdam where I met with security specialists in and around the EU. Now that I am back in the States, I have caught up on my reading. I came across this article about what the US Air Force did to ensure that every computer delivered to them was in a set and secure configuration. This is a great approach and, if you can do it, I highly recommend it because the alternative is to bolt on security at the end, and that is always costly and not fool-proof.

There is, however, a part of the article that is unclear. The article talks about how Microsoft was pressured into releasing special Windows XP versions for only the Air Force and government agencies. This is just not true.